CVE-2021-31874

EUVD-2021-18749
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_adselfservice_plus
𝑥
< 6.1
zohocorpmanageengine_adselfservice_plus
6.1
zohocorpmanageengine_adselfservice_plus
6.1:6100
zohocorpmanageengine_adselfservice_plus
6.1:6101
zohocorpmanageengine_adselfservice_plus
6.1:6102
zohocorpmanageengine_adselfservice_plus
6.1:6103
𝑥
= Vulnerable software versions
References
https://blog.stmcyber.com/vulns/cve-2021-31874/
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes
https://blog.stmcyber.com/vulns/cve-2021-31874/
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6104-released-with-an-important-security-fixes